Chapter 8 tyk
1. Biometric security differs from password security because it can’t be cracked. It uses body parts such as fingerprints, hands, eye scans or voice scans to unlock.
2. The ethical issues that arise through the use of biometrics are that it is not cheap to buy and can cost tens of thousands of dollars for just the software.
3. The type of information protected by biometric security is highly sensitive information.
4. Some drawbacks of using swipe cards or smart cards are that they can easily be damaged by magnetic fields and, if they are stolen, they offer very little protection to your stuff.
5. Skimming is when you steal the details from a swipe card.
6. A security token works by having a constantly changing authentication code.
7. Two-factor authentication works like this: if you lose your security token, which contains the authentication code, you still need to know the username and password for that account.
8. Computer equipment can be protected from power fluctuations by having a surge protector.
9. A fault-tolerant system is a safeguard against system failure. It keeps on working when a piece of hardware fails.
10. An organization would have a mirrored machine or server because it copies all saved files so that there are duplicates in case one gets damaged.
11. RAID arrays protect data by spreading fragments of data over several hard drives, so if one fails the remaining drives piece together the missing information.
12. Three common backup devices are USBs, CDs and online backup.
13. Different types of backup media are magnetic media, optical media and solid-state drives.
14. An organization might use a data warehouse because all their data is stored in an off-site location where it is safer than in the building.
15. Some drawbacks of using optical devices for backups are that they can get scratched and damaged easily and then you are unable to get the information off them.
16. Some common methods of surveillance used to protect data are packet sniffers, desktop monitoring programs, log files, closed-circuit television, telephones and audit trails.
17. Log files can be used to increase the security of data by keeping track of what is happening on the computers at any given time.
18. The purpose of an audit trail is to record anything that happens on a computer at a given time.
19. Computer equipment can be physically protected by locking it up, keeping it in safes, or in specialized secure rooms.
20. Public key encryption works by being given from your computer to any computer that wants to communicate with it. A message encrypted with your private key can only be decrypted with your public key.
21. A network policy inside an organization plays the role of allowing employees to access data stored in different locations.
22. Three examples of a good password include: random combinations, at least six characters, and including numbers and letters. This could be 2BEORNOT2B.
23. Network policies can help users to choose a good password by making people change their passwords at least once a month so that they are harder to guess if they keep on changing.
24. A firewall would be used to protect data by restricting access to a network from external sources.
25. Antivirus software works by protecting computers by detecting viruses when a computer turns on.
26. A procedure can assist with securing data by assisting file management.
27. An organization would have a file-management policy because it defines how an information system should be used.
28. Forms of technology covered by a communication policy are mobile phones, laptops, fax machines, etc.
29. PDF is a portable document format that is an open standard for document exchange. It is easily shared and printed, and doesn’t need to be opened in the program that created it.
30. Good file naming conventions include a date stamp, variation and a name. If a convention does not contain these, it is a bad file naming convention.
31. File naming conventions enhance data security because they ensure that the right operations happen to the correct files.
32. Sequential file naming is, for example, “Newsletter 2011-11 03Oct.doc”. It is a monthly newsletter that is being prepared for November 2011. The revision was saved on the 3rd of October. Variation file naming convention is, for example, “newsletter 2011-11 v3.doc”. It is a monthly newsletter. The file is version 3 of the newsletter being prepared for November.
33. A full backup is when you copy all the files to a backup device. A differential backup is used as well as a full backup, but it only copies the files that have been altered since the last full backup.
34. The information that is entered into a backup log identifies the workstation or system, software used to perform the backup, the number, the type, the storage location of the media, the date, a list of files and folders where it’s backed up and the type of backup.
35. The information contained in a restoration log is the workstation or system restored, the date of restoration, a list of files or folders restored, the backup media used and the reason for restoration.
36. An organization would need a backup strategy in case something happens to their information; they have to have a way in which they can get all their data back. Otherwise they could lose a large amount of data and money.
37. It is important to think through the location of backup files because they have to be backed up in a safe location where nothing can happen to the data in case of an emergency or disaster.
38. The impact that a legacy system would have on a backup strategy is that it runs on old databases or old servers/mainframes, so it could slow everything down or make it incompatible.
39. Archiving is moving unused files to an offline storage area and then deleting them after a period of time. Backing up is moving them to a location but they will not be deleted as they still get used.
40. Issues an organization should consider when disposing of files are that they must look through what they are deleting thoroughly before deleting it to make sure that they don’t delete vital information.
41. Cloud computing works by businesses sharing access to shared resources such as applications and services through the Internet.
42. Applications that can be accessed via a cloud are email, office automation applications, customer-relationship databases and project-management tools.
43. An organization might access a cloud by going onto multiple servers where all the data is stored.
44. The type of organization that would access a community cloud is organizations with similarities that want to develop and share infrastructure.
45. The advantages of a private cloud for a hospital or medical institution are that they can share information without it getting leaked out to the public.
46. Data would be less secure if backed up in a cloud because you don’t know where that information is going through the cloud and being stored.
47. The advantages of using a cloud environment to a small business are that they don’t have to pay for all the software for the computers and can have cheaper computers as they don’t have to save data on their hard drives.
48. Ethical requirements are the principles of right and wrong and their consequences are a result of actions. Legal requirements can result in penalties such as fines or a jail sentence.
49. Ethical responsibilities that employers and employees have are that they have to pay staff for their work, provide a suitable workspace, work in the interests of the organization, and provide good quality products and a high level of service.
50. The purpose of the code of conduct is a set of principles and expectations that the companies have to follow so everything is ethical.
51. Employee monitoring is justified because you are ensuring that employees are doing company work, maintaining target levels of performance, and it saves time and money.
52. I think that employee monitoring is ethical to a certain point. It is reasonable if you are using it to see if they are doing the correct work but not to just constantly have an eye on them.
53. A company computer or network use policy is important because it outlines how the company’s computers are allowed or not allowed to be used.
54. Ethical restrictions that can be applied to accessing the Internet at work are not going on websites that are restricted or going on websites that have nothing to do with the required set work.
55. A disaster recovery plan is a series of steps that must be followed to restore everything back to normal in case of an emergency or disaster.
56. The four key parts of a recovery plan are backup method, alternative sites, equipment replacement, roles and responsibilities of personnel and the cost.
57. A backup plan covers the company’s procedures to follow for using backup files that are being restored to computers. An emergency plan shows the steps to take in the event of a natural disaster.
58. The steps that might be taken during a disaster recovery plan include:
    A. Store passwords in multiple locations. One in the same building and one in another location.
    B. Document the whole recovery process
    C. Establish an automated system
    D. Practice the disaster recovery plan at least 4 times a year
    E. Make sure backups all work
    F. Build redundancy into your system
    G. Ensure that you have replacement equipment
    H. Replace tapes for backups
    I. Buy the best UPS you can within your price range
    J. Protect yourself from theft
    K. Get automatically closing fire doors
59. It is important to test your disaster recovery plan because if a disaster happens and it doesn’t work you will lose all your data and information and it could cost you a huge sum of money.
60. You can evaluate the integrity of data that must be reliable and accurate by evaluating its accuracy, reliability and timeliness.
61.
62. The ease of retrieval is an important criterion because it will ensure that everything can be restored when required.
63. The currency of files as an effective file-management strategy could be assessed to determine the degree to which the most recent version of the file is available.